From patchwork Mon Jan 22 12:38:39 2024
X-Patchwork-Submitter: David Howells
X-Patchwork-Id: 13525416
From: David Howells
To: Christian Brauner
Cc: David Howells, Jeff Layton, Matthew Wilcox, netfs@lists.linux.dev, linux-afs@lists.infradead.org, linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org, ceph-devel@vger.kernel.org, v9fs@lists.linux.dev, linux-erofs@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Marc Dionne, Gao Xiang, Chao Yu, Yue Hu, Jeffle Xu
Subject: [PATCH 06/10] cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode
Date: Mon, 22 Jan 2024 12:38:39 +0000
Message-ID: <20240122123845.3822570-7-dhowells@redhat.com>
In-Reply-To: <20240122123845.3822570-1-dhowells@redhat.com>
References: <20240122123845.3822570-1-dhowells@redhat.com>

cachefiles_ondemand_init_object() as called from cachefiles_open_file() and
cachefiles_create_tmpfile() does not check if object->ondemand is set
before dereferencing it, leading to an oops something like:

	RIP: 0010:cachefiles_ondemand_init_object+0x9/0x41
	...
Call Trace: cachefiles_open_file+0xc9/0x187 cachefiles_lookup_cookie+0x122/0x2be fscache_cookie_state_machine+0xbe/0x32b fscache_cookie_worker+0x1f/0x2d process_one_work+0x136/0x208 process_scheduled_works+0x3a/0x41 worker_thread+0x1a2/0x1f6 kthread+0xca/0xd2 ret_from_fork+0x21/0x33 Fix this by making the calls to cachefiles_ondemand_init_object() conditional. Fixes: 3c5ecfe16e76 ("cachefiles: extract ondemand info field from cachefiles_object") Reported-by: Marc Dionne Signed-off-by: David Howells cc: Gao Xiang cc: Chao Yu cc: Yue Hu cc: Jeffle Xu cc: linux-erofs@lists.ozlabs.org cc: netfs@lists.linux.dev cc: linux-fsdevel@vger.kernel.org Reviewed-by: Jingbo Xu Reviewed-by: Gao Xiang --- fs/cachefiles/namei.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c index 7ade836beb58..180594d24c44 100644 --- a/fs/cachefiles/namei.c +++ b/fs/cachefiles/namei.c @@ -473,9 +473,11 @@ struct file *cachefiles_create_tmpfile(struct cachefiles_object *object) if (!cachefiles_mark_inode_in_use(object, file_inode(file))) WARN_ON(1); - ret = cachefiles_ondemand_init_object(object); - if (ret < 0) - goto err_unuse; + if (object->ondemand) { + ret = cachefiles_ondemand_init_object(object); + if (ret < 0) + goto err_unuse; + } ni_size = object->cookie->object_size; ni_size = round_up(ni_size, CACHEFILES_DIO_BLOCK_SIZE); @@ -579,9 +581,11 @@ static bool cachefiles_open_file(struct cachefiles_object *object, } _debug("file -> %pd positive", dentry); - ret = cachefiles_ondemand_init_object(object); - if (ret < 0) - goto error_fput; + if (object->ondemand) { + ret = cachefiles_ondemand_init_object(object); + if (ret < 0) + goto error_fput; + } ret = cachefiles_check_auxdata(object, file); if (ret < 0)
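Review bot: the "if (object->ondemand)" guard added in cachefiles_create_tmpfile() (hunk at -473) is repeated unchanged in cachefiles_open_file(), so the NULL check sits at the call sites rather than in the function that dereferences the pointer. The oops in the commit message is inside cachefiles_ondemand_init_object() itself (RIP at +0x9), so consider an early "if (!object->ondemand) return 0;" at the top of that function instead; one check would then cover both callers shown here and any caller added later.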
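Review bot: in cachefiles_open_file() (hunk at -579) the new test is on the pointer object->ondemand, while the commit message states the condition as cachefiles not doing ondemand mode, and nothing in the hunk documents that a NULL object->ondemand is the expected state in that case. A one-line comment above the "if" saying so would keep a later reader from taking the guard for a workaround for a failed allocation. Skipping the call leaves ret unchanged, which is harmless at this site because "ret = cachefiles_check_auxdata(object, file);" reassigns it in the next statement.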